On 2014-04-26 13:19:35 +0200, Alessandro Ghedini wrote:
> On sab, apr 26, 2014 at 09:05:25 +0200, Vincent Lefevre wrote:
> > On 2014-04-25 21:52:38 +0200, Alessandro Ghedini wrote:
> > > or 2) curl downloads such list from the internet every time it opens
> > > an HTTPS connection.
> >
> > not every time. It doesn't really make sense to download a list
> > again after a few seconds. There could be some "expire" setting of
> > a downloaded list (IMHO, the order of magnitude would be the day).
> > The user should also have the possibility to force a download
> > (like he can force a reload of a cached page).
>
> curl is not a browser and it doesn't have a cache,

All applications can use a cache, and the place to store such data
is even standardized: look at the .cache directory. That's for users.
Or /var/cache at the system level.

> so it would need to be configured to save the CRLs somewhere.
> Picking a default for this kind of thing is hard, because people use
> curl in the weirdest ways (and they will complain).

I don't see why.

> Also, what about libcurl users?

I think that this should actually be part of libcurl. Some apps could
use libcurl to transmit sensitive data...

> Well, CRLs have an "expire date" (or "Next Update" date), which I think clients
> are supposed to check that it's not in the past, and some (most?) CAs set it to
> be after about a day after the date in which the CRL was last updated. If the
> local CRL is not updated accordingly, the clients would always fail. The update
> would also be needed for stable releases, which is a huge PITA on its own.

I don't think that's a problem for stable: the package itself doesn't
need to be updated (well, one may decide the way it is implemented).

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
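The caching policy discussed in this thread, sketched as an added example that is not part of the original message and is not curl or libcurl code: a per-user or system cache location, a roughly one-day "expire" setting, a forced download, and the "Next Update" check. The function names, the `crl-cache` directory name and the one-day default are assumptions made for illustration.

```python
import os
from datetime import datetime, timedelta, timezone
from hashlib import sha256
from pathlib import Path

MAX_AGE = timedelta(days=1)  # assumed default for the "expire" setting

def crl_cache_path(url, system=False, env=os.environ):
    """Where a downloaded CRL would be stored (directory name is hypothetical)."""
    if system:
        base = Path("/var/cache")
    else:
        # XDG rule: $XDG_CACHE_HOME if set and non-empty, else $HOME/.cache
        base = Path(env.get("XDG_CACHE_HOME") or Path(env.get("HOME", "/")) / ".cache")
    # Hash the distribution-point URL so it cannot inject path components.
    return base / "crl-cache" / (sha256(url.encode()).hexdigest() + ".crl")

def needs_refetch(now, fetched_at, next_update, force=False, max_age=MAX_AGE):
    """True when the cached copy has to be downloaded again."""
    if force or fetched_at is None:   # user forced a reload, or nothing cached yet
        return True
    if now >= next_update:            # the CA has promised a newer list by now
        return True
    return now - fetched_at >= max_age  # local "expire" setting reached

def crl_is_current(now, this_update, next_update):
    """Acceptance check after a (re)fetch: Next Update must not be in the past.
    If this is still False after a refetch, fail the revocation check."""
    return this_update <= now < next_update

if __name__ == "__main__":
    utc = timezone.utc
    now = datetime(2014, 4, 26, 12, 0, tzinfo=utc)          # constructed timestamps
    fetched = datetime(2014, 4, 26, 8, 0, tzinfo=utc)
    next_update = datetime(2014, 4, 27, 8, 0, tzinfo=utc)
    print(crl_cache_path("http://crl.example.invalid/ca.crl"))  # constructed URL
    print("refetch:", needs_refetch(now, fetched, next_update))
    print("current:", crl_is_current(now, fetched, next_update))
```
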